Everyone involved in the triage, investigation and response to security incidents battles the same adversary: Time. 

Whether you are a Tier 1 analyst weeding out false positives or a senior analyst dissecting a sophisticated attack, the clock is always against you. Every minute spent searching for an indicator of compromise, rooting through logs or running queries to gather asset information pertinent to a case is one less minute spent on understanding the scope and potential impact of the issue at hand. To that end, SOC teams are always on the lookout for anything to give them precious minutes back, which they can use to investigate and close more cases.

Thankfully, both the MITRE ATT&CK framework and security orchestration, automation and response (SOAR) technology have emerged to help operations professionals work more efficiently.

The MITRE ATT&CK framework, a knowledge base of adversary tactics and techniques built from publicly reported intrusions and contributions from security professionals around the world, helps organizations understand how attackers operate at every stage of an intrusion, not just the initial compromise. With every technique mapped to the tactic it serves, and complemented by embedded detection and mitigation guidance and real-world procedure examples, MITRE ATT&CK is now the de facto standard for streamlining detection, investigation and response.

Siemplify now delivers an integration to the MITRE ATT&CK framework for its Security Operations Platform, enabling SOC teams to incorporate the rich data and actionable intelligence provided by the framework into their incident response workflows.

The Specifics

There is a wealth of information available in the MITRE ATT&CK framework, all of which can provide valuable insight to analysts during investigations and guide remediation actions. The current integration available out of the box includes:

  • Technique Details: How attackers carry out the technique observed in your environment, including the tactic it serves.
  • Mitigations: The controls ATT&CK recommends to prevent or limit the technique.
  • Associated Intrusions: Adversary groups known to have used the technique.

Once downloaded from the Siemplify Marketplace, creating a playbook that collects this data for every case is a snap. Check out this short video for a step-by-step walk-through of the process of connecting your Siemplify SOAR platform to the MITRE ATT&CK framework.
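To make concrete what such a playbook step actually does, here is an added example (not Siemplify's integration code) of the three lookups above run against MITRE ATT&CK's STIX 2 data model. ATT&CK publishes its knowledge base as a STIX 2 JSON bundle (https://github.com/mitre/cti, enterprise-attack/enterprise-attack.json); the bundle embedded below is a hand-constructed miniature with the same object types and relationship shapes so the script runs offline, and the alert title is likewise constructed. Function names and the Sigma-style tag format in the sample alert are assumptions for illustration.

```python
"""Enrich a case with ATT&CK technique details, mitigations and groups.

Added example, not Siemplify's code. Works against the object model of the
real enterprise-attack.json bundle: technique = attack-pattern,
mitigation = course-of-action, group = intrusion-set, with "relationship"
objects of type "mitigates" / "uses" linking them to a technique.
"""
import json
import re

# Constructed miniature bundle (not real ATT&CK data, same object model).
BUNDLE = json.loads(r"""
{"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
 {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000001",
  "name": "Command and Scripting Interpreter",
  "description": "Adversaries may abuse command and script interpreters to execute commands.",
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1059",
                           "url": "https://attack.mitre.org/techniques/T1059"}]},
 {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000002",
  "name": "PowerShell", "x_mitre_is_subtechnique": true,
  "description": "Adversaries may abuse PowerShell commands and scripts for execution.",
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001",
                           "url": "https://attack.mitre.org/techniques/T1059/001"}]},
 {"type": "course-of-action", "id": "course-of-action--00000000-0000-4000-8000-000000000003",
  "name": "Execution Prevention",
  "external_references": [{"source_name": "mitre-attack", "external_id": "M1038"}]},
 {"type": "course-of-action", "id": "course-of-action--00000000-0000-4000-8000-000000000004",
  "name": "Disable or Remove Feature or Program",
  "external_references": [{"source_name": "mitre-attack", "external_id": "M1042"}]},
 {"type": "intrusion-set", "id": "intrusion-set--00000000-0000-4000-8000-000000000005",
  "name": "APT29", "external_references": [{"source_name": "mitre-attack", "external_id": "G0016"}]},
 {"type": "intrusion-set", "id": "intrusion-set--00000000-0000-4000-8000-000000000006",
  "name": "Old Group Name", "revoked": true},
 {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000007",
  "relationship_type": "mitigates",
  "source_ref": "course-of-action--00000000-0000-4000-8000-000000000003",
  "target_ref": "attack-pattern--00000000-0000-4000-8000-000000000002"},
 {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000008",
  "relationship_type": "mitigates",
  "source_ref": "course-of-action--00000000-0000-4000-8000-000000000004",
  "target_ref": "attack-pattern--00000000-0000-4000-8000-000000000002"},
 {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000009",
  "relationship_type": "uses",
  "source_ref": "intrusion-set--00000000-0000-4000-8000-000000000005",
  "target_ref": "attack-pattern--00000000-0000-4000-8000-000000000002"},
 {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-00000000000a",
  "relationship_type": "uses", "x_mitre_deprecated": true,
  "source_ref": "intrusion-set--00000000-0000-4000-8000-000000000006",
  "target_ref": "attack-pattern--00000000-0000-4000-8000-000000000002"}
]}
""")


def _active(obj):
    """ATT&CK keeps revoked and deprecated objects in the bundle; enrichment must skip them."""
    return not obj.get("revoked") and not obj.get("x_mitre_deprecated")


def _attack_id(obj):
    """The human-facing ID (T1059.001, M1038, G0016) lives in external_references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def extract_technique_ids(text):
    """Pull technique IDs out of alert text; Sigma-style tags are lowercase (attack.t1059.001)."""
    return sorted({m.upper() for m in re.findall(r"\bt\d{4}(?:\.\d{3})?\b", text, re.IGNORECASE)})


def enrich_technique(bundle, technique_id):
    """Return details, mitigations and groups for one technique ID, or None if it is unknown."""
    objects = [o for o in bundle["objects"] if _active(o)]
    by_id = {o["id"]: o for o in objects}
    tech = next((o for o in objects if o["type"] == "attack-pattern"
                 and _attack_id(o) == technique_id), None)
    if tech is None:
        return None
    mitigations, groups = [], []
    for rel in objects:
        if rel["type"] != "relationship" or rel["target_ref"] != tech["id"]:
            continue
        src = by_id.get(rel["source_ref"])  # None when the source object is itself revoked
        if src is None:
            continue
        if rel["relationship_type"] == "mitigates" and src["type"] == "course-of-action":
            mitigations.append((_attack_id(src), src["name"]))
        elif rel["relationship_type"] == "uses" and src["type"] == "intrusion-set":
            groups.append((_attack_id(src), src["name"]))
    refs = tech["external_references"]
    return {
        "id": technique_id,
        "name": tech["name"],
        "tactics": [p["phase_name"] for p in tech.get("kill_chain_phases", [])
                    if p["kill_chain_name"] == "mitre-attack"],
        "description": tech.get("description", ""),
        "url": next((r["url"] for r in refs if r.get("source_name") == "mitre-attack" and "url" in r), None),
        "mitigations": sorted(mitigations),
        "groups": sorted(groups),
    }


def enrich_case(bundle, alert_text):
    """What a playbook step attaches to the case: one enrichment per technique ID in the alert."""
    return {tid: enrich_technique(bundle, tid) for tid in extract_technique_ids(alert_text)}


if __name__ == "__main__":
    # Constructed alert title, in the shape a SIEM forwards to the SOAR.
    alert = "Sigma match: Suspicious PowerShell Encoded Command [attack.execution, attack.t1059.001]"
    print(json.dumps(enrich_case(BUNDLE, alert), indent=2))
```

Two details matter in practice: the real bundle contains revoked and deprecated techniques, groups and relationships, and an enrichment that does not filter them will attach stale names to cases; and the regex over alert text is a stopgap for detections that only carry ATT&CK tags in their title, whereas detections that emit technique IDs as structured fields should be read from those fields directly.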

The Benefits

Incorporating the MITRE ATT&CK framework into your Siemplify Security Operations Platform delivers value from the CISO down to junior SOC staff. Analysts no longer need to context switch (move from one system to another) to get the insights the framework offers; they are displayed with the case automatically. From a management perspective, tracking which ATT&CK tactics and techniques recur across your cases can highlight coverage gaps in your security architecture. With this information, managers can make data-driven decisions about how to improve the SOC's overall approach.

More time is what we all need, and with Siemplify and the MITRE ATT&CK framework you will start feeling on schedule, or even ahead of it.

Steve Salinas is director of product marketing at Siemplify.